The vulnerability is caused by a heap overflow error when processing LVL structures in a Word document, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a specially crafted Word file.